Sheng, Currently, the sha512 is generated by `gpg` following the instruction [1], but not by `shasum`.
The format of the generated sha512 files are different although the signatures are the same. If we generate the sha512 file using: ```shell shasum -a 512 apache-echarts-4.3.0-rc.2-incubating-src.zip ``` We can verify it by: ```shell shasum -a 512 -c apache-echarts-4.3.0-rc.2-incubating-src.zip.sha512 ``` But if we use `gpg`, the verification command above seems do not work. (BTW, `shasum -c xxx` use `sha1` by default, so we should specify `-a 512`.) So for `gpg`, I have to verify it in this way: ```shell gpg --print-md SHA512 apache-echarts-4.3.0-rc.2-incubating-src.zip apache-echarts-4.3.0-rc.2-incubating-src.zip-local.sha512 diff apache-echarts-4.3.0-rc.2-incubating-src.zip-local.sha512 apache-echarts-4.3.0-rc.2-incubating-src.zip.sha512 ``` Is there a better way? [1] https://www.apache.org/dev/openpgp.html#generate-key ------------------------------ Su Shuang (100pah) ------------------------------ On Fri, 13 Sep 2019 at 05:45, Sheng Wu <wu.sheng.841...@gmail.com> wrote: > +1 binding > > Checked > - asc signed > - sha512 checked > - LICENSE and NOTICE there > - DISCLAIMER there > > One question, when I run > > shasum -c apache-echarts-4.3.0-rc.2-incubating-src.zip.sha512 > > Got > > shasum: apache-echarts-4.3.0-rc.2-incubating-src.zip.sha512: no properly > formatted SHA1 checksum lines found > > I manually compared the sha512, they are matched. How do you generate the > sha512 file? And how do you check with command. > > > Sheng Wu 吴晟 > > Apache SkyWalking > Apache Incubator > Apache ShardingSphere, ECharts, DolphinScheduler podlings > Zipkin > Twitter, wusheng1108 > > > Dave Fisher <wave4d...@comcast.net> 于2019年9月12日周四 下午1:48写道: > > > +1 from me. > > > > I checked: > > - Incubating in name > > - DISCLAIMER exists > > - LICENSE and NOTICE are fine > > - No unexpected binary files > > - Checked signature and checksum > > > > We should discuss the build instructions compared to test build > > instructions on the dev@echarts mailing list. > > > > Regards, > > Dave > > > > > On Sep 12, 2019, at 6:42 AM, Dave Fisher <wave4d...@comcast.net> > wrote: > > > > > > Inline > > > > > > Sent from my iPhone > > > > > >> On Sep 12, 2019, at 3:18 AM, SHUANG SU <sushuang0...@gmail.com> > wrote: > > >> > > >> Justin & Furkan, thank you for the detailed check! > > >> > > >> There is a relevant build instruction in > > >> > > > https://echarts.apache.org/en/tutorial.html#Create%20Custom%20Build%20of%20ECharts > > >> and the link is listed in `README.md`. > > >> > > >> But I also think it is not clear enough and the doc is on the > > perspective > > >> of echarts user but not echarts contributor. > > >> > > >> I will add instruction of "how to build from the source code" to > > >> `README.md` directly, > > >> and add the entry of `npm run build` and `npm run build:watch` to > > >> `package.json`. > > >> Hope that makes it better. > > >> > > >> Because it is an enhancement, could we include this modification of > > >> `README.md` > > >> in the future release, but not in this release? > > > > > > Yes. Please make the change for the future while we continue this VOTE > > thread! > > > > > > Regards, > > > Dave > > >> > > >> > > >> Thanks, > > >> ------------------------------ > > >> Su Shuang (100pah) > > >> ------------------------------ > > >> > > >> > > >> > > >>> On Thu, 12 Sep 2019 at 17:25, Furkan KAMACI <furkankam...@gmail.com> > > wrote: > > >>> > > >>> Hi, > > >>> > > >>> +1 from me. > > >>> > > >>> I checked: > > >>> - Incubating in name > > >>> - DISCLAIMER exists > > >>> - LICENSE and NOTICE are fine > > >>> - No unexpected binary files > > >>> - Checked PGP signatures > > >>> - Code compiles and tests successfully run > > >>> > > >>> I agree with Justin, build instructions should be more clear. On the > > other > > >>> hand, I'm not sure about the sha512 checksum file format. > > >>> > > >>> Kind Regards, > > >>> Furkan KAMACI > > >>> > > >>> On Thu, Sep 12, 2019 at 6:01 AM Justin Mclean < > > jus...@classsoftware.com> > > >>> wrote: > > >>> > > >>>> Hi, > > >>>> > > >>>> +1 binding > > >>>> > > >>>> I checked: > > >>>> - incubating in a name > > >>>> - signature sand hashes correct > > >>>> - DISCLAIMER exists > > >>>> - LICENS and NOTICE file > > >>>> - Now unexpected binary files in the release > > >>>> - All source files have ASF headers > > >>>> - Compiled from source release > > >>>> > > >>>> It would be good to see some build instruction in the source > release. > > >>>> There’s a build directory but it unclear what need to be done to > build > > >>> it. > > >>>> I figured it out but it's not exactly obvious what is needed to be > > done. > > >>>> > > >>>> Thanks, > > >>>> Justin > > >>>> > > >>>> > > >>>> > --------------------------------------------------------------------- > > >>>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > >>>> For additional commands, e-mail: general-h...@incubator.apache.org > > >>> > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > > For additional commands, e-mail: general-h...@incubator.apache.org > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > For additional commands, e-mail: general-h...@incubator.apache.org > > > > >
